Backups to an SSH destination with SSH key auth - more questions

OS type and version Ubuntu 18.04 & 22.04
Virtualmin version Pro 7.7

In Backups to an SSH destination with SSH key auth Eric wrote:

You would just need to make sure your private key was in the .ssh dir in the home directory of whatever user is sending the backups to the backup server.

So, if you’re having Virtualmin send the backups to your server, you’d need to make sure the private key was in the root users home directory.

To test that – log into your server as root, and make sure you’re then able to SSH into your backup server without a key.

I’m feeling kind of dopey today - it’s not working for me. In particular, my goal is to use scp to transfer a backup of a domain from to as described here.

Here’s what I am doing…

  1. On, I used the Virtualmin Terminal to create a public/private key with ssh-keygen -t rsa -b 4096 This creates a file for
  2. I cat this file and copy all the lines
  3. On, I use Virtualmin Terminal to cd .ssh and paste those lines to the end of authorized_keys (It was initially empty.)
  4. I go back to, and attempt: ssh and am prompted to enter my password. This tells me that the SSH public key isn’t working.

Things that may be going wrong:

  • On both and, I created a deploy user with sudo access that I use to admin the servers. I use this login both for SSH and for logging into Virtualmin
  • On both hosts, I disabled root login (PermitRootLogin no in /etc/ssh/sshd_config)
  • On both hosts, I also disabled password login (PasswordAuthentication no in /etc/ssh/sshd_config)
  • On both hosts, Virtualmin is running at root (the Virtualmin Terminal shows ‘root’ for the whoami command)

I suspect the problem is the prohibition of root login. I also suspect that I could simply turn off that prohibition on for the duration of this experiment, and re-enable when I’m done.

But there are so many variables here, I thought I would appeal to people who are smarter than me to minimize my flailing about. Thanks for your thoughts.

I found vultr docs very good to generate keys, I use puttygen to generate keys but they have the method your trying.

@Eric Do you have any thoughts here? (the last two responses didn’t really address my question about PermitRootLogin…) Thanks

Try setting to prohibit-password instead of no,

PermitRootLogin prohibit-password

Same scenario works on my setup at least without any issues whatsoever.

Strange, and is plain english…

Use scp to copy the (public key) to (Server B, Backup) as authorized_keys file, this is know as “installing the public key to server”.

scp ~/.ssh/ root@

You will interact with Server B ssh authentication during this process. Proceed to answer yes and enter the correct password to complete the scp process.

Once completed, test the installed key by ssh’ing into Server B like below:


If you done it correctly, you will now be in Server B shell (No password is requested!). Exit from Server B.

After that you only need to setup like this your backup and it works

Ubuntu blocks the root login when first set up so unless you have given yourself access to login as root you will not be able to complete the scp command suggested, as it will require you to log in as root in order to copy the keys.

It appears that you copied the text of the key from .ssh/ and put it into the /root/.ssh/authorized_keys file.
If it is in there you should now be able to go to terminal in your first server and type something like ssh
Assuming you are logged into Webmin as root this should log you into the new server.
I don’t think you have to put the root@ in front of
However, both appear to work on mine.

I just copied and pasted the text from the file from my main server to the authorized_keys file of my backup server.

You might want to check the file to ensure the whole thing got copied properly. Mine starts with
ssh-rsa AAAAB3NzaC1yc2EAA
and ends with

In gui I have this, the allow login by root has Only with RSA auth, I think with “no” maybe the issue.
as toreskev has in the config file.

1 Like

I was wrong, @stefan1959 gave the answer.

In Webmin > Servers > SSH Server > Authentication, you set how you allow logins.

Default is like in the image, and backup works as suppose to do.

If you want to use only SSH keys, Permit logins with empty passwords selected on yes (if you don’t use a password, is an empty password, but you must set allow login by root as only with RSA auth).

If you Allow logins by root yes and password, you only need to put root password on backup form.

Just tested and works.

So, the solution is gave by @stefan1959

Good luck

YES! thanks to all, especially @stefan1959 who gave the solution:

  1. Do the steps in the original message to copy the into the authorized_keys file on
  2. On, use Virtualmin Webmin > Servers > SSH Server > Authentication and set Allow login by root? to “Only with RSA auth”
  3. On, ssh and get logged-in without providing a password.


1 Like

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.